An anonymous reader quotes a report from Bloomberg: At Google, leaders are anxious about falling behind in the race to offer AI coding tools, especially as rivals like Anthropic PBC offer more effective and popular tools to businesses, according to people familiar with the matter. The search giant is now working to unite some of its coding initiatives under one banner to speed progress and take advantage of a surge in customer interest. In some corners of Alphabet's Google, particularly AI lab DeepMind, concerns about the company's position are mounting, according to current and former employees and executives, who declined to be named because they weren't authorized to speak publicly.

Businesses are just starting to realize that AI coding tools can enable anyone to build products by prompting a chatbot. But Google doesn't have a clear solution for them. Its Gemini model's capabilities are sprinkled across half a dozen different coding products with different branding, indicating how the company's lack of focus and competing internal efforts have hampered success, the people said. Even internally, some Google engineers prefer to use Anthropic's Claude Code, they said. More concerning, the people said, are the engineers who are struggling to adopt AI coding at all. [...] Google's emphasis on its own technology has also complicated the push to catch up. Most employees are banned from using competing tools such as Claude Code or Codex due to security concerns, but Googlers can request exceptions if they can demonstrate they have a business case, one former employee said. Some teams at DeepMind, including those working on the Gemini model, internal applications, and open source models, use Claude Code, according to three former employees. "You want the best people to use the best tool, even inside Google," one of the former employees said. [...]

In recent years, DeepMind has tried to tighten control over how its AI breakthroughs are woven into Google products. Last year, Google appointed Kavukcuoglu to a new position as chief AI architect, a role in which he is charged with folding generative AI into Google products. Yet confusion about who is leading the charge on AI coding persists. Along with DeepMind, Google Cloud, Google Core, Google Labs and Android are all pushing AI coding in different ways, one of the people said. [...] Within the Googleplex, there is a philosophical clash between AI researchers who want to move as quickly as possible and more traditional senior engineers who have exacting standards for code quality, former employees say. AI usage is factored into performance reviews, according to a former employee. But engineers who try to use internal AI coding tools often hit capacity constraints due to competition for computing power, the former employee said.

BrianFagioli writes: Mozilla's email subsidiary MZLA Technologies just introduced Thunderbolt, an open-source AI client aimed at organizations that want to run AI on their own infrastructure instead of relying entirely on cloud services. The idea is to give companies full control over their data, models, and workflows while still offering things like chat, research tools, automation, and integration with enterprise systems through the Haystack AI framework. Native apps are planned for Windows, macOS, Linux, iOS, and Android. Thunderbolt allows organizations to do the following:
- Run AI with their choice of models, from leading commercial providers to open-source and local models
- Connect to systems and data: Integrate with pipelines and open protocols, including: deepset's Haystack platform, Model Context Protocol (MCP) servers, and agents with the Agent Client Protocol (ACP)
- Automate workflows and recurring tasks: Generate daily briefings, monitor topics, compile reports, or trigger actions based on events and schedules
- Work seamlessly across devices with native applications for Windows, macOS, Linux, iOS, and Android
- Maintain security with self-hosted deployment, optional end-to-end encryption, and device-level access controls

An anonymous reader quotes a report from Ars Technica: Two years ago, Microsoft launched its first wave of "Copilot+" Windows PCs with a handful of exclusive features that could take advantage of the neural processing unit (NPU) hardware being built into newer laptop processors. These NPUs could enable AI and machine learning features that could run locally rather than in someone's cloud, theoretically enhancing security and privacy. One of the first Copilot+ features was Recall, a feature that promised to track all your PC usage via screenshot to help you remember your past activity. But as originally implemented, Recall was neither private nor secure; the feature stored its screenshots plus a giant database of all user activity in totally unencrypted files on the user's disk, making it trivial for anyone with remote or local access to grab days, weeks, or even months of sensitive data, depending on the age of the user's Recall database.

After journalists and security researchers discovered and detailed these flaws, Microsoft delayed the Recall rollout by almost a year and substantially overhauled its security. All locally stored data would now be encrypted and viewable only with Windows Hello authentication; the feature now did a better job detecting and excluding sensitive information, including financial information, from its database; and Recall would be turned off by default, rather than enabled on every PC that supported it. The reconstituted Recall was a big improvement, but having a feature that records the vast majority of your PC usage is still a security and privacy risk. Security researcher Alexander Hagenah was the author of the original "TotalRecall" tool that made it trivially simple to grab the Recall information on any Windows PC, and an updated "TotalRecall Reloaded" version exposes what Hagenah believes are additional vulnerabilities.

The problem, as detailed by Hagenah on the TotalRecall GitHub page, isn't with the security around the Recall database, which he calls "rock solid." The problem is that, once the user has authenticated, the system passes Recall data to another system process called AIXHost.exe, and that process doesn't benefit from the same security protections as the rest of Recall. "The vault is solid," Hagenah writes. "The delivery truck is not." The TotalRecall Reloaded tool uses an executable file to inject a DLL file into AIXHost.exe, something that can be done without administrator privileges. It then waits in the background for the user to open Recall and authenticate using Windows Hello. Once this is done, the tool can intercept screenshots, OCR'd text, and other metadata that Recall sends to the AIXHost.exe process, which can continue even after the user closes their Recall session.

"The VBS enclave won't decrypt anything without Windows Hello," Hagenah writes. "The tool doesn't bypass that. It makes the user do it, silently rides along when the user does it, or waits for the user to do it." A handful of tasks, including grabbing the most recent Recall screenshot, capturing select metadata about the Recall database, and deleting the user's entire Recall database, can be done with no Windows Hello authentication. Once authenticated, Hagenah says the TotalRecall Reloaded tool can access both new information recorded to the Recall database as well as data Recall has previously recorded. "We appreciate Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data," a Microsoft spokesperson told Ars. "The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries."

Anthropic released Claude Opus 4.7, calling it its strongest generally available model and an improvement over Opus 4.6 in areas like software engineering, instruction-following, tool use, and agentic coding. But the company says it is "less broadly capable" than the restricted Claude Mythos Preview, "which Anthropic rolled out to a select group of companies as part of a new cybersecurity initiative called Project Glasswing earlier this month," reports CNBC. From the report: The launch of Claude Opus 4.7 on Thursday comes after Anthropic launched Claude Opus 4.6 in February. Anthropic said the new model outperforms Claude Opus 4.6 across many use cases, including industry benchmarks for agentic coding, multidisciplinary reasoning, scaled tool use and agentic computer use, according to a release. Anthropic said it experimented with efforts to "differentially reduce" Claude Opus 4.7's cyber capabilities during training.

The company encouraged security professionals who are interested in using the model for "legitimate cybersecurity purposes" to apply through a formal verification program. Claude Opus 4.7 is available across all of Anthropic's Claude products, its application programming interface and through cloud providers Microsoft, Google and Amazon. The new model is the same price as Claude Opus 4.6, Anthropic said.

An anonymous reader quotes a report from Cord Cutters News: Sony has notified owners of its recent BRAVIA television models that significant changes to the built-in TV Guide for its OTA TV antenna users and related menu features will take effect starting in late May 2026. The update affects a range of premium sets released between 2023 and 2025, marking another instance of feature adjustments for older smart TV hardware as manufacturers shift focus toward newer product lines. The changes primarily target the program guide functionality for over-the-air antenna TV channels received via the ATSC tuner. After the cutoff date, program information may fail to display on certain channels, limiting the guide's usefulness for planning viewing schedules. Users will often see listings only for channels they have recently watched, rather than a comprehensive overview of available broadcasts. Additionally, channel logos that previously appeared in the guide will disappear, and any thumbnail images accompanying program descriptions will no longer load or show.

Further modifications will appear in the television's menu system. For users relying on connected set-top boxes, the dedicated Set Top Box menu option will be removed entirely. In its place, a simpler Control menu will surface, streamlining access but eliminating some specialized navigation previously available. Program thumbnails, which provided visual previews in various menu sections, will also cease to appear across affected interfaces. These adjustments stem from Sony's ongoing efforts to manage backend services and data feeds that support enhanced guide features on its Google TV-powered BRAVIA lineup. As television ecosystems evolve rapidly with advancements in processing power, artificial intelligence integration, and cloud-based content delivery, companies periodically retire select capabilities on prior-generation hardware to optimize resources. The 2023 through 2025 models, while still offering excellent picture quality through advanced OLED and LCD panels with features like XR processing, now fall into the category of devices receiving scaled-back support. These are the models impacted:

2025 models: Bravia 8 II (XR80M2), Bravia 5 (XR50)
2024 models: Bravia 9 (XR90), Bravia 8 (XR80), Bravia 7 (XR70)
2023 models: Bravia A95L series

Amazon's Luna cloud gaming service is making some changes, reports Engadget: It's no longer possible to buy Ubisoft+ and Jackbox Games subscriptions or standalone games through Luna. Amazon will automatically cancel any active subscriptions bought through Luna at the end of customers' next billing cycle. If you have a Ubisoft+ subscription that you bought directly from Ubisoft instead, you'll still be able to access games on that service through Luna until June 10. The Bring Your Own Library option — which allows users to play games they own on the likes of EA, GOG and Ubisoft on Luna — is going away too. You won't be able to access games from those storefronts via Amazon's streaming service after June 3.

If you bought any games outright on Luna, you'll still be able to play them there until June 10. Unlike Google did when it shut down Stadia, Amazon isn't offering refunds for those purchases. However, you'll still have access to them through the respective third-party platform that's linked to your account, be it the EA App, GOG Galaxy or Ubisoft Connect. That doesn't exactly help folks who don't have powerful-enough systems to play more demanding games and were relying on Luna.
For those users, Kotaku complains, "you'll essentially lose access to your purchased games in June unless you buy some hardware to play games like Star Wars Outlaws or set up a different streaming option..."

They describe Luna as Amazon's "barely talked about, struggling game streaming service"... On April 10, Amazon announced that it is "always looking for ways to better serve our players" and that "feedback" has made it "clear" that gamers who use Luna want "easy access to great games." And because more of that content is now offered via Amazon Prime, the company has decided that the best way to "serve" you and other users is to rip out most of Luna's gaming options and remove access to paid games you bought in the past. Do you feel better served...?

Launched in 2020, Amazon Luna has never been much of a big hit for the company, which has struggled to even figure out what to do with it. Initially, it was offered up as a Stadia competitor, providing access to big and small third-party games. This apparently didn't work out for Amazon. So in 2025, Amazon officially announced plans to pivot Luna to a service focused on Jackbox-like casual games. This latest shake-up for Luna further focuses the service on these kinds of games and will put everything available on the service behind different sub tiers, similar to Game Pass.
Their conclusion? "This is all just a great reminder to never, ever, ever, ever buy a video game through a streaming service. At least you can download digital games offline and make backups for later."

"One of VMware's biggest competitors, Nutanix, claims to have swiped tens of thousands of VMware customers," reports Ars Technica. They said higher prices, forced bundling, licensing changes, and more strained partner relationships have frustrated customers and driven them away from the leading virtualization firm. From the report: Speaking at a press briefing at Nutanix's .NEXT conference in Chicago this week, Nutanix CEO Rajiv Ramaswami said that "about 30,000 customers" have migrated from VMware to the rival platform, pointing to customer disapproval over Broadcom's VMware strategy, SDxCentral, a London-based IT publication, reported today. "I think there's no doubt that the customer sentiment continues to be negative about Broadcom," Ramaswami said, per SDxCentral.

Nutanix hasn't specified how many of the customers that it got from VMware are SMBs or enterprise-sized; although, adoption is said to be strongest among mid-market customers as Nutanix also tries wooing larger customers, often by starting with partial deployments. During this week's press briefing, Ramaswami reportedly said that some of the customers that moved from VMware to Nutanix during the latter's most recent fiscal quarter represented Nutanix's "strongest quarterly new logo additions in eight years." "Most of the logos came from our typical VMware migrations on to the [hyperconverged infrastructure] platform," he said.

During the Nutanix conference, Brandon Shaw, Nutanix VP and head of technology services, said that Western Union has been migrating from VMware to Nutanix for six months, The Register reported. The financial services company is moving 900 to 1,200 applications across 3,900 cores. Shaw said that Western Union has been exploring new IT suppliers to help it become more customer-focused. Despite Broadcom's history of "decent lines of communication" with Western Union, Shaw said that Western Union had "challenges partnering with them."

Shaw also pointed to Broadcom's efforts to push customers to buy the VMware Cloud Foundation (VCF), despite the product often having more features than companies need and at high prices. Since moving to Nutanix, the Denver-headquartered financial firm is also benefiting from having more flexibility around workload locations, which is important since Western Union is in over 200 countries, The Register said.

Amazon CEO Andy Jassy says the company may eventually sell its Trainium AI chips directly to outside customers, not just through AWS, which would put Amazon in more direct competition with Nvidia. "There's so much demand for our chips that it's quite possible we'll sell racks of them to third parties in the future," Jassy wrote in his annual shareholder letter Thursday. He also revealed the company's chip business is already running at more than $20 billion annually, with demand so strong that current and even future generations are largely spoken for. Quartz reports: Access to Amazon's chips is currently limited to Amazon Web Services, with customers paying for cloud-based usage rather than owning any physical hardware. Selling to AWS and external customers alike, as standalone chipmakers do, would put annual revenue at around $50 billion, up from the $20 billion the company estimates for the year, Jassy said. The $20 billion figure spans three product lines: Trainium, the AI accelerator chip; Graviton, a general-purpose processor; and Nitro, a chip that helps run Amazon's EC2 server instances. All three are growing at triple-digit rates year over year, Jassy claimed in his letter.

Jassy said demand for Trainium has outpaced supply at each generation. Trainium2 is essentially unavailable, with its entire allocated capacity spoken for. Trainium3 started reaching customers in early 2026, and reservations have filled nearly all available supply. Even Trainium4 -- which is not expected to reach wide release for another year and a half -- has substantial pre-orders committed. Jassy argued that a full-scale Trainium rollout could shave tens of billions off annual capital costs while meaningfully widening profit margin.

Halter, a New Zealand agtech startup now valued at $2 billion, has raised $220 million to expand its AI-powered cattle management system. "Halter is now valued at $2 billion following the Series E, which was led by Peter Thiel's Founders Fund with participation from Blackbird, DCVC, Bond, Bessemer, and several others," reports Inc. From the report: Halter plans to use the funding to expand its existing footprint in the U.S., Australia, and New Zealand, as well as to grow into new markets such as Ireland, the U.K., and parts of North and South America. The round is one of the biggest to-date in the industry, and comes amid growing adoption of the technology among U.S. ranchers. According to Halter, U.S. ranchers have erected some 60,000 miles of virtual fencing since the company's launch in 2024.

Halter's technology works through a system of solar-powered collars and in-pasture towers that collect data -- some 6,000 data points per collar per minute -- from grazing cattle and feed it into a cloud-based platform and app for farmers. The collars are ergonomically designed to be comfortable for the cattle wearing them, and leverage AI to play audio cues or vibrate when it is time to move to a different grazing location or if they step outside of a predetermined zone. The collars can also deliver an electric pulse if an animal does not respond.

Halter's app also creates a digital twin of a ranch, which essentially means a digital replica that leverages real-time data to accurately reflect conditions. Farmers can consult the app to check on their herd, or fence, and move cattle with just a few clicks. Halter also has a proprietary algorithm that it calls a "Cowgorithm" trained on seven billion hours of animal behavior. Altogether, this technology is meant to make ranchers' lives easier when herding cattle, help them save money on building physical fencing, and provide insights about pasture management to improve soil health and pasture productivity. Halter says some 2,000 farmers and ranchers currently use its tech worldwide.

"Hackers briefly turned a widely trusted developer tool into a vehicle for credential-stealing malware that could give attackers ongoing access to infected systems," the news site Axios.com reported Tuesday, citing security researchers at Google.

The compromised package — also named axios — simplifies HTTP requests, and reportedly receives millions of downloads each day: The malicious versions were removed within roughly three hours of being published, but Google warned the incident could have "far-reaching impacts" given the package's widespread use, according to John Hultquist, chief analyst at Google Threat Intelligence Group. Wiz estimates Axios is downloaded roughly 100 million times per week and is present in about 80% of cloud and code environments. So far, Wiz has observed the malicious versions in roughly 3% of the environments it has scanned.
Friday PCMag notes the maintainer's compromised account had two-factor authentication enabled, with the breach ultimately traced "to an elaborate AI deepfake from suspected North Korean hackers that was convincing enough to trick a developer into installing malware," according to a post-mortem published Thursday by lead developer Jason Saayman: [Saayman] fell for a scheme from a North Korean hacking group, dubbed UNC1069, which involves sending out phishing messages and then hosting virtual meetings that use AI deepfakes to clone the face and voices of real executives. The virtual meetings will then create the impression of an audio problem, which can only be "solved" if the victim installs some software or runs a troubleshooting command. In reality, it's an effort to execute malware. The North Koreans have been using the tactic repeatedly, whether it be to phish cryptocurrency firms or to secure jobs from IT companies.

Saayman said he faced a similar playbook. "They reached out masquerading as the founder of a company, they had cloned the company's founders likeness as well as the company itself," he wrote. "They then invited me to a real Slack workspace. This workspace was branded... The Slack was thought out very well, they had channels where they were sharing LinkedIn posts. The LinkedIn posts I presume just went to the real company's account, but it was super convincing etc." The hackers then invited him to a virtual meeting on Microsoft Teams. "The meeting had what seemed to be a group of people that were involved. The meeting said something on my system was out of date. I installed the missing item as I presumed it was something to do with Teams, and this was the remote access Trojan," he added. "Everything was extremely well coordinated, looked legit and was done in a professional manner."
Friday developer security platform Socket wrote that several more maintainers in the Node.js ecosystem "have come out of the woodwork to report that they were targeted by the same social engineering campaign." The accounts now span some of the most widely depended-upon packages in the npm registry and Node.js core itself, and together they confirm that axios was not a one-off target. It was part of a coordinated, scalable attack pattern aimed at high-trust, high-impact open source maintainers. Attackers also targeted several Socket engineers, including CEO Feross Aboukhadijeh. Feross is the creator of WebTorrent, StandardJS, buffer, and dozens of widely used npm packages with billions of downloads... Commenting on the axios post-mortem thread, he noted that this type of targeting [against individual maintainers] is no longer unusual... "We're seeing them across the ecosystem and they're only accelerating."

Jordan Harband, John-David Dalton, and other Socket engineers also confirmed they were targeted. Harband, a TC39 member, maintains hundreds of ECMAScript polyfills and shims that are foundational to the JavaScript ecosystem. Dalton is the creator of Lodash, which sees more than 137 million weekly downloads on npm. Between them, the packages they maintain are downloaded billions of times each month. Wes Todd, an Express TC member and member of the Node Package Maintenance Working Group, also confirmed he was targeted. Matteo Collina, co-founder and CTO of Platformatic, Node.js Technical Steering Committee Chair, and lead maintainer of Fastify, Pino, and Undici, disclosed on April 2 that he was also targeted. His packages also see billion downloads per year... Scott Motte, creator of dotenv, the package used by virtually every Node.js project that handles environment variables, with more than 114 million weekly downloads, also confirmed he was targeted using the same Openfort persona.
Socket reports that another maintainer was targetted with an invitation to appear on a podcast. (During the recording a suspicious technical issue appeared which required a software fix to resolve....)

Even just technical implementation, "This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package," the CI/CD security company StepSecurity wrote Tuesday The dropper contacts a live command-and-control server, delivers separate second-stage payloads for macOS, Windows, and Linux, then erases itself and replaces its own package.json with a clean decoy... Three payloads were pre-built for three operating systems. Both release branches were poisoned within 39 minutes of each other. Every artifact was designed to self-destruct. Within two seconds of npm install, the malware was already calling home to the attacker's server before npm had even finished resolving dependencies... Both versions were published using the compromised npm credentials of a lead axios maintainer, bypassing the project's normal GitHub Actions CI/CD pipeline.
"As preventive steps, Saayman has now outlined several changes," reports The Hacker News, "including resetting all devices and credentials, setting up immutable releases, adopting OIDC flow for publishing, and updating GitHub Actions to adopt best practices."

The Wall Street Journal called it "the latest in a string of incidents exposing risks in the systems that underpin how modern software is built."

"Consumer PC parts aren't the only things being gobbled up by the 'AI' industry," writes PCWorld's Michael Crider. "A Starcraft-inspired strategy game is shutting down its multiplayer servers because the hosting company got bought out for 'AI.'" The game will still be playable offline for now, but the shutdown highlights the ripple effects of the AI boom on the gaming industry. Amid the ongoing hardware shortages, AI companies are basically gobbling up as much infrastructure as they can to repurpose it for AI workloads. From the report: The game in question is Stormgate, a crowdfunded revival of the real-time strategy genre that has languished in the last decade or so. The developer Frost Giant Studios told its players on Discord (spotted by PC Gamer) that it would be unable to continue multiplayer access past the end of this month. The "game server orchestration partner" was bought by an AI company -- the developer's words, not mine -- which means that the multiplayer aspects of the game will have a "planned outage."

The devs say the game will be patched for offline play, presumably including its single-player campaign mode and co-op modes, but "online modes will not be available at that point." They're hoping to bring back online play in a later update, but that'll depend on "finding a partner to support ongoing operations." That sounds like old-fashioned player-hosted games with lobbies aren't in the cards, at least not yet.

Frost Giant's server provider is Hathora, which was bought by a company called Fireworks AI last month. Fireworks describes its offerings as "open-source AI models at blazing speed, optimized for your use case, scaled globally with the Fireworks Inference Cloud." So, yeah, Hathora's infrastructure will likely be used for yet more generative "AI." And according to GamesBeat, it's planning to shut down the game service aspect of its company completely. That means Stormgate probably isn't going to be the last game affected. Hathora also provides online services for Splitgate 2, among others. I'm contacting Hathora for comment and will update this story if I receive a response.

Microsoft plans to invest $10 billion in Japan from 2026 to 2029 to expand AI infrastructure, boost local cloud capacity, train 1 million engineers and developers, and deepen cybersecurity cooperation with the Japanese government. Reuters reports: The investment includes the training of 1 million engineers and developers by 2030, Microsoft said, which was unveiled during a visit to Tokyo by Vice Chair and President Brad Smith. In a statement, the company said the plan aligns with Prime Minister Sanae Takaichi's goal to boost growth through advanced, strategic technologies while safeguarding national security.

Microsoft will work with domestic firms including SoftBank and Sakura Internet to expand Japan-based AI computing capacity, allowing Ecompanies and government agencies to keep sensitive data within the country while accessing Microsoft Azure services, it said. It will also deepen cooperation with Japanese authorities on sharing intelligence related to cyber threats and crime prevention.

IBM and Arm are teaming up to let Arm-based software run on IBM Z mainframes. Network World reports: The two companies plan to work on three things: building virtualization tools so Arm software can run on IBM platforms; making sure Arm applications meet the security and data residency rules that regulated industries must follow; and creating common technology layers so enterprises have more software options across both platforms, IBM said in a statement.

IBM has not said whether the virtualization work will happen at the hypervisor level, through its existing PR/SM partitioning technology, or via containers -- a question enterprise architects will need answered before they can assess the collaboration's practical value. IBM described the effort as serving enterprises that run regulated workloads and cannot simply move them to the cloud, the statement said. IBM mainframe customers have largely missed out on the efficiency and price-performance gains Arm has already delivered in the cloud. "Arm says close to half of all compute shipped to top hyperscalers in 2025 runs on Arm chips, with AWS, Google, and Microsoft deploying their own Arm silicon through Graviton, Axion, and Cobalt, respectively," reports Network World.

That gap is precisely what IBM and Arm's collaboration intends to address. "This is a mainframe adjacency play," says Rachita Rao, senior analyst at Everest Group. "The intent is to extend IBM Z and LinuxONE environments by enabling Arm-compatible workloads to run closer to systems of record. While hyperscalers use Arm to lower their own internal power costs and pass savings to cloud-native tenants, IBM is targeting the sovereign and air-gapped market."

Euro-Office is a new open-source project supported by several European companies that aims to offer a "truly open, transparent and sovereign solution for collaborate document editing," using OnlyOffice as a starting point. The project is positioned around European digital independence and familiar Office-style editing, though it has already drawn pushback from OnlyOffice over alleged licensing violations. "The company behind OnlyOffice is also based in Russia, and Russia is still heavily sanctioned by most European nations due to the country's ongoing invasion of Ukraine," adds How-To Geek. From the report: Euro-Office is a new open-source project supported by Nextcloud, EuroStack, Wiki, Proton, Soverin, Abilian, and other companies based in Europe. The goal is to build an online office suite that can open and edit standard Microsoft Office documents (DOCX, PPTX, XLSX) and the OpenDocument format (ODS, ODT, ODP) used by LibreOffice and OpenOffice. The current design is remarkably close to Microsoft Office and its tabbed toolbars, so there shouldn't be much of a learning curve for anyone used to Word, Excel, or PowerPoint.

Importantly, Euro-Office is only the document editing component. It's designed to be added to cloud storage services, online wikis, project management tools, and other software. For example, you could have some Word documents in your Nextcloud file storage, and clicking them in a browser could open the Euro-Office editor. That way, Nextcloud (or Proton, or anyone else) doesn't have to build its own document editor from scratch.

Euro-Office is based on OnlyOffice, which is open-source under the AGPL license. The project explained that "Contributing is impossible or greatly discouraged" with OnlyOffice's developers, with outside code changes rarely accepted, so a hard fork was required. The company behind OnlyOffice is also based in Russia, and Russia is still heavily sanctioned by most European nations due to the country's ongoing invasion of Ukraine. The project's home page explains, "A lot of users and customers require software that is not potentially influenced or controlled by the Russian government." As for why OnlyOffice was chosen over LibreOffice, the project simply said: "We believe open source is about collaboration, and we look for opportunities to integrate and collaborate with the LibreOffice community and companies like Collabora."

UPDATE: Slashdot reader Elektroschock shares a statement from OnlyOffice CEO Lev Bannov, expressing his concerns about the Euro-Office inclusion of its software with trademarks removed: "We liked the AGPL v3 license because its 7th clause allows us to ensure that our code retains its original attributes, so that users are able to clearly identify the developers and the brand behind the program..."

Bannov continued: "The core issue here isn't just about what the AGPL license states, but about the additional provisions we, as the authors, have included. This is a critical distinction, even if some may argue otherwise. We firmly assert that the Euro-Office project is currently infringing on our copyright in a deliberate and unacceptable manner."

"As the creators of ONLYOFFICE, we want to make our position unequivocally clear: we do not grant anyone the right to remove our branding or alter our open-source code without proper attribution. This principle is non-negotiable and will never change. We demand that the Euro-Office project either restore our branding and attributions or roll back all forks of our project, refraining from using our code without proper acknowledgment of ONLYOFFICE."

The European Commission is investigating a breach after a threat actor allegedly accessed at least one of its AWS cloud accounts and claimed to have stolen more than 350 GB of data, including databases and employee-related information. AWS says its own services were not breached. BleepingComputer reports: Sources familiar with the incident have told BleepingComputer that the attack was quickly detected and that the Commission's cybersecurity incident response team is now investigating. While the Commission has yet to share any details about this breach, the threat actor who claimed responsibility for the attack reached out to BleepingComputer earlier this week, stating that they had stolen over 350 GB of data (including multiple databases).

They didn't disclose how they breached the affected accounts, but they provided BleepingComputer with several screenshots as proof that they had access to information belonging to European Commission employees and to an email server used by Commission employees. The threat actor also told BleepingComputer that they will not attempt to extort the Commission using the allegedly stolen data as leverage, but intend to leak the data online at a later date.

An anonymous reader quotes a report from Physics World: Researchers at the CERN particle-physics lab have successfully transported antiprotons in a lorry across the lab's main site. The feat, the first of its kind, follows a similar test with protons in 2024. CERN says the achievement is "a huge leap" towards being able to transport antimatter between labs across Europe. [...] To do so, in 2020 the BASE team began developing a device, known as BASE-STEP (for Baryon-Antibaryon Symmetry Experiment-Symmetry Tests in Experiments with Portable Antiprotons), to store and transport antiprotons. It works by trapping particles in a Penning trap composed of gold-plated cylindrical electrode stacks made from oxygen-free copper that is surrounded by a superconducting magnet bore operated at cryogenic temperatures.

The device, which also contains a carbon-steel vacuum chamber to shield the particles from stray magnetic fields, is then mounted on an aluminium frame. This allows it to be transported using standard forklifts and cranes and withstand the bumps and vibrations of transport. In 2024, BASE researchers used the device to transport a cloud of about 105 trapped protons across CERN's Meyrin campus for four hours. After that feat, the researchers began to adjust BASE-STEP to handle antiprotons and yesterday the team successfully transported a trap containing a cloud of 92 antiprotons around the campus for 30 minutes, traveling up to 42 km/h.

With further improvements and tests, the team now hope to transport the antiprotons further afield. The first destination on the team's list is the Heinrich Heine University (HHU) in Dusseldorf, Germany, which would take about eight hours. "This means we'd have to keep the trap's superconducting magnet at a temperature below 8.2 K for that long," says BASE-STEP's leader Christian Smorra. "So, in addition to the liquid helium , we'd need to have a generator to power a cryocooler on the truck. We are currently investigating this possibility." If possible to transport to HHU, physicists would then use the particles to search for charge-parity-time violations in protons and antiprotons with a precision at least 100 times higher than currently possible at CERN.

Arm unveiled its first self-developed data center chip, the AGI CPU, designed for handling agentic AI workloads. The new chip was built in partnership with Meta and manufactured by TSMC. Other customers for the new chip include OpenAI, Cloudflare, SAP, and SK Telecom. Reuters reports: The new chip, called the AGI CPU, will address data-crunching needed for a specific type of AI that is able to act on behalf of users with minimal oversight, instead of responding to queries as part of a chatbot. For years, Arm, majority-owned by Japan's SoftBank Group has relied only on intellectual property for revenue, licensing its designs to companies such as Qualcomm and Nvidia and then collecting a royalty payment based on the number of units sold.

"It's a very pivotal moment for the company," CEO Rene Haas said in an interview with Reuters. The new chip will be overseen by Mohamed Awad, head of the company's cloud AI business, and Arm has additional designs in the works that it plans to release at 12- to 18-month intervals. TSMC is fabricating the device on its 3-nanometer technology and is made from two distinct pieces of silicon that operate as a single chip. Arm plans to put it into volume production in the second half of this year but has received test chips that function as expected. In addition to the chip itself, Arm is working with server makers such as Lenovo and Quanta Computer to offer complete systems.

An anonymous reader quotes a report from Ars Technica: A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before-seen backdoor -- and curiously a data wiper that targets Iranian machines. The group, tracked under the name TeamPCP, first gained visibility in December, when researchers from security firm Flare observed it unleashing a worm that targeted cloud-hosted platforms that weren't properly secured. The objective was to build a distributed proxy and scanning infrastructure and then use it to compromise servers for exfiltrating data, deploying ransomware, conducting extortion, and mining cryptocurrency. The group is notable for its skill in large-scale automation and integration of well-known attack techniques.

More recently, TeamPCP has waged a relentless campaign that uses continuously evolving malware to bring ever more systems under its control. Late last week, it compromised virtually all versions of the widely used Trivy vulnerability scanner in a supply-chain attack after gaining privileged access to the GitHub account of Aqua Security, the Trivy creator. Over the weekend, researchers said they observed TeamPCP spreading potent malware that was also worm-enabled, meaning it had the potential to spread to new machines automatically, with no interaction required of victims behind the keyboard. [...]

As the weekend progressed, CanisterWorm [as Aikido has named the malware] was updated to add an additional payload: a wiper that targets machines exclusively in Iran. When the updated worm infects machines, it checks if the machine is in the Iranian timezone or is configured for use in that country. When either condition was met, the malware no longer activated the credential stealer and instead triggered a novel wiper that TeamPCP developers named Kamikaze. Eriksen said in an email that there's no indication yet that the worm caused actual damage to Iranian machines, but that there was "clear potential for large-scale impact if it achieves active spread." It's unclear what the motive is for TeamPCP. Aikido researcher Charlie Eriksen wrote: "While there may be an ideological component, it could just as easily be a deliberate attempt to draw attention to the group. Historically, TeamPCP has appeared to be financially motivated, but there are signs that visibility is becoming a goal in itself. By going after security tools and open-source projects, including Checkmarx as of today, they are sending a clear and deliberate signal."

"We have removed all malicious artifacts from the affected registries and channels," Trivy maintainer Itay Shakury posted today, noting that all the latest Trivy releases "now point to a safe version." But "On March 19, we observed that a threat actor used a compromised credential..."

And today The Hacker News reported the same attackers are now "suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages..." (The attackers apparently leveraged a postinstall hook "to execute a loader, which then drops a Python backdoor that's responsible for contacting the ICP canister dead drop to retrieve a URL pointing to the next-stage payload.") The development marks the first publicly documented abuse of an ICP canister for the explicit purpose of fetching the command-and-control (C2) server, Aikido Security researcher Charlie Eriksen said... Persistence is established by means of a systemd user service, which is configured to automatically start the Python backdoor after a 5-second delay if it gets terminated for some reason by using the "Restart=always" directive. The systemd service masquerades as PostgreSQL tooling ("pgmon") in an attempt to fly under the radar...

In tandem, the packages come with a "deploy.js" file that the attacker runs manually to spread the malicious payload to every package a stolen npm token provides access to in a programmatic fashion. The worm, assessed to be vibe-coded using an AI tool, makes no attempt to conceal its functionality. "This isn't triggered by npm install," Aikido said. "It's a standalone tool the attacker runs with stolen tokens to maximize blast radius."

To make matters worse, a subsequent iteration of CanisterWorm detected in "@teale.io/eslint-config" versions 1.8.11 and 1.8.12 has been found to self-propagate on its own without the need for manual intervention... [Aikido Security researcher Charlie Eriksen said] "Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector. Their packages get infected, their downstream users install those, and if any of them have tokens, the cycle repeats."
So far affected packages include 28 in the @EmilGroup scope and 16 packages in the @opengov scope, according to the article, blaming the attack on "a cloud-focused cybercriminal operation known as TeamPCP."

Ars Technica explains that Trivy had "inadvertently hardcoded authentication secrets in pipelines for developing and deploying software updates," leading to a situation where attacks "compromised virtually all versions" of the widely used Trivy vulnerability scanner: Trivy maintainer Itay Shakury confirmed the compromise on Friday, following rumors and a thread, since deleted by the attackers, discussing the incident. The attack began in the early hours of Thursday. When it was done, the threat actor had used stolen credentials to force-push all but one of the trivy-action tags and seven setup-trivy tags to use malicious dependencies... "If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately," Shakury wrote.

Security firms Socket and Wiz said that the malware, triggered in 75 compromised trivy-action tags, causes custom malware to thoroughly scour development pipelines, including developer machines, for GitHub tokens, cloud credentials, SSH keys, Kubernetes tokens, and whatever other secrets may live there. Once found, the malware encrypts the data and sends it to an attacker-controlled server. The end result, Socket said, is that any CI/CD pipeline using software that references compromised version tags executes code as soon as the Trivy scan is run... "In our initial analysis the malicious code exfiltrates secrets with a primary and backup mechanism. If it detects it is on a developer machine it additionally writes a base64 encoded python dropper for persistence...."

Although the mass compromise began Thursday, it stems from a separate compromise last month of the Aqua Trivy VS Code extension for the Trivy scanner, Shakury said. In the incident, the attackers compromised a credential with write access to the Trivy GitHub account. Shakury said maintainers rotated tokens and other secrets in response, but the process wasn't fully "atomic," meaning it didn't thoroughly remove credential artifacts such as API keys, certificates, and passwords to ensure they couldn't be used maliciously.

"This [failure] allowed the threat actor to perform authenticated operations, including force-updating tags, without needing to exploit GitHub itself," Socket researchers wrote.
Pushing to a branch or creating a new release would've appeared in the commit history and trigger notifications, Socket pointed out, so "Instead, the attacker force-pushed 75 existing version tags to point to new malicious commits." (Trivy's maintainer says "we've also enabled immutable releases since the last breach.")

Ars Technica notes Trivy's vulnerability scanner has 33,200 stars on GitHub, so "the potential fallout could be severe."

An anonymous reader quotes a report from The Register: A lobbying trade body for smaller cloud providers is asking the European Commission to impose interim measures blocking Broadcom from terminating the VMware Cloud Service Provider program, calling the decision a death sentence for some tech suppliers and an illegal squeeze on customer choice. As The Reg revealed in January, Broadcom shuttered the scheme, a move sources claimed affects hundreds of CSPs across Europe and curtails options for enterprises buying VMware software and services. The Cloud Infrastructure Service Provider in Europe (CISPE) trade group, representing nearly 50 tech suppliers, filed the complaint today with the EC Directorates-General, accusing Broadcom of bully-boy tactics, and calling for authorities to halt what it terms as "ongoing abuse."

Francisco Mingorance, CISPE secretary general, said of the complaint: "Businesses -- both cloud providers and their customers -- are being irreparably damaged by Broadcom's unfair actions, which we believe are illegal. "After imposing outrageous and unjustified price hikes immediately following the acquisition of VMware, Broadcom is now applying the 'coup de grace'. We need urgent intervention to force them to change. The only way to stop bullies is to stand up to them." CISPE claims that, since Broadcom completed its $69 billion takeover of VMware in October 2023, prices have risen tenfold, payment is demanded upfront, products are bundled regardless of customer need, and minimum commitments are based on potential rather than actual consumption.

The VMware Cloud Service Provider (VCSP) program officially closed in January and all transactions must be complete by March 31. After that date, only a select group of suppliers will be able to sell VMware subscriptions -- either standalone or as part of a broader service. Across Europe, we're told this equates to hundreds of businesses losing their authorization. For some, the loss of VCSP status effectively destroys their market. Those whose operations were built around VMware must now hand customers to another authorized supplier or begin the costly migration to an alternative platform. Broadcom said in a statement responding to the complaint: "Broadcom strongly disagrees with the allegations by CISPE, an organization funded by hyperscalers, which misrepresent the realities of the market. We continue to be committed to investing significantly in our European VMware Cloud Service Provider partners... helping them offer alternatives to the hyperscalers and meet the evolving needs of European businesses and organizations."